Design & Implementation Guide: What’s In a Name?

This may seem to some a rhetorical question, right? It’s in the name! A guide that describes the design and implementation of a system or solution. That seems simple enough. Cisco Design and Implementation Guides (DIGs) can be found in the Cisco Design Zone. Many of these designs are Cisco Validated Designs (CVDs) that include internal or external testing, some are reference designs, and some are visionary architectures or best practices documented by experienced engineers.

As a Network Architect, I came to Cisco to develop CVDs and accelerate business solutions beyond just the “marketecture” vision. I wanted to prove how products and systems can be used to create end-to-end solutions that work better together, more than just the sum of their parts, solving real-world business problems.

I believe the Cisco Compliance Solution for Payment Card Industry Data Security Standard (PCI DSS) 2.0 is one of the better business targeted CVDs available. It addresses a significant number of requirements in the PCI DSS. At first glance, the 1200-plus pages may seem overwhelming. But when you look closer, it is a well-segmented guide that outlines the framework, architecture, and specific design examples. The appendices comprise a large part of the guide and contain all the diagrams and complete device configurations. And because this solution was validated as a representative end-to-end enterprise network, you can see how each device configuration complements the other.

The Cisco PCI solution has evolved over the years as the PCI DSS has matured and is now in its sixth iteration. With this latest update, we replaced several end-of-sale products as well as added the new Cisco ASA-X Series Next-Generation Firewalls, Cisco Prime LAN Management Solution (LMS) with its compliance auditing feature license, Cisco Identity Services Engine (ISE) with TrustSec, and guidance for IPv6. What I like most about this solution is that it is not trying to sell a specific box or feature; it provides guidance on how to plan, architect, design, and configure your end-to-end enterprise infrastructure to achieve and maintain compliance on an ongoing basis. Or conversely, if you are looking to add new capabilities to your network, you can see how to do it and remain compliant. It also goes beyond just an internal validation of what Cisco proposes for a compliant architecture. With our partner, Verizon Business and their Security Solutions team powered by Cybertrust, we’ve had the infrastructure assessed for compliance as if we were a merchant’s infrastructure network. As such, we have experienced much of the same pain as our customers. The assessment of this compliance audit is included in Appendix C of the PCI DSS 2.0 Design and Implementation Guide.

If you have a challenge in your network, check out the Cisco Design Zone to see if we have already devised a solution that can be adapted to your needs. These guides provide both high-level guidance and step-by-step configuration techniques to solve many of the problems you may be facing.

To learn more about PCI DSS or other compliance solutions, come visit the Unified Compliance Solution demo at Cisco Live June 24-27, 2013, and test your compliance knowledge. Each day, the person who correctly answers the greatest number of questions in the least amount of time will receive a new Apple iPad 4G mini. Check out www.ciscolive.com for more information on the event.

We are very interested in your thoughts right now! You can provide feedback via our “2013 Cisco Regulatory and Industry Compliance Survey,” available at:

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.